Networking Properties

Java Properties

java.net.preferIPv4Stack (default: false)

If IPv6 is available on the operating system the underlying
native socket will be an IPv6 socket. This allows Java(tm)
applications to connect too, and accept connections from, both
IPv4 and IPv6 hosts.

If an application has a preference to only use IPv4 sockets
then this property can be set to true. The implication is that
the application will not be able to communicate with IPv6
hosts.

java.net.preferIPv6Addresses (default: false)

If IPv6 is available on the operating system the default
preference is to prefer an IPv4-mapped address over an IPv6
address. This is for backward compatibility reasons - for example
applications that depend on access to an IPv4 only service or
applications that depend on the %d.%d.%d.%d representation of an
IP address. This property can be set to try to change the
preferences to use IPv6 addresses over IPv4 addresses. This
allows applications to be tested and deployed in environments
where the application is expected to connect to IPv6
services.

networkaddress.cache.ttl

Specified in java.security to indicate the caching policy for
successful name lookups from the name service.. The value is
specified as integer to indicate the number of seconds to cache
the successful lookup.

A value of -1 indicates "cache forever". The default behavior
is to cache forever when a security manager is installed, and to
cache for an implementation specific period of time, when a
security manager is not installed.

networkaddress.cache.negative.ttl (default: 10)

Specified in java.security to indicate the caching policy for
un-successful name lookups from the name service.. The value is
specified as integer to indicate the number of seconds to cache
the failure for un-successful lookups.

http.proxyHost and http.proxyPort indicate the proxy server
and port that the http protocol handler will use.

http.nonProxyHosts indicates the hosts which should be
connected too directly and not through the proxy server. The
value can be a list of hosts, each seperated by a |, and in
addition a wildcard character (*) can be used for matching. For
example: -Dhttp.nonProxyHosts="*.example.com|localhost".

ftp.proxyHost and ftp.proxyPort indicate the proxy server and
port that the ftp protocol handler will use. ftp.nonProxyHosts is
similiar to http.nonProxyHosts and indicates the hosts that
should be connected too directly and not through the proxy
server.

These system properties modify the behavior of the HTTP
digest authentication mechanism. Digest authentication provides a
limited ability for the server to authenticate itself to the
client (ie. by proving that it knows the users password).
However, not all servers support this capability and by default
the check is switched off. The first two properties above can be
set to true, to enforce this check, for either authentication
with an origin, or a proxy server respectively.

It is not normally necessary to set the third property
(http.auth.digest.cnonceRepeat). This determines how many times a
cnonce value is reused. This can be useful when the MD5-sess
algorithm is being used. Increasing the value reduces the
computational overhead on both the client and the server by
reducing the amount of material that has to be hashed for each
HTTP request.

http.auth.ntlm.domain:

Similar to other HTTP authentication schemes, NTLM uses the
java.net.Authenticator class to acquire usernames and passwords
when they are needed. However, NTLM also needs the NT domain
name. There are three options for specifying the domain:

Do not specify it. In some environments, the domain is not
actually required and the application need not specify it.

The domain name can be encoded within the username by
prefixing the domain name followed by a back-slash '\' before the
username. With this method, existing applications that use the
Authenticator class do not need to be modified, so long as users
are made aware that this notation must be used.

If a domain name is not specified as in method 2) and the
system property "http.auth.ntlm.domain" is defined, then the
value of this property will be used as the domain name.

The SOCKS username and password are acquired in the following
way. First, if the application has registered a
java.net.Authenticator default instance, then this will be
queried with the protocol set to the string "SOCKS5", and the
prompt set to the string "SOCKS authentication". If the
authenticator does not return a username/password or if no
authenticator is registered then the system checks for the user
preferences "java.net.socks.username" and
"java.net.socks.password". If these preferences do not exist,
then the system property "user.name" is checked for a username.
In this case, no password is supplied.

socksProxyHost

socksProxyPort (default: 1080)

Indicates the name of the SOCKS proxy server and the port
number that will be used by the SOCKS protocol layer. If
socksProxyHost is specified then all TCP sockets will use the
SOCKS proxy server to establish a connection or accept one. The
SOCKS proxy server can either be a SOCKS v4 or v5 server and it
has to allow for unauthenticated connections.

socksProxyVersion (default: 5)

The version of the SOCKS protocol supported by the server. The
default is 5 indicating SOCKS V5, alternatively
4 can be specified for SOCKS V4. Setting the property
to values other than these leads to unspecified behavior.

Sun implementation-specific properties

These properties may not be supported in future releases.

sun.net.inetaddr.ttl

This is a sun private system property which corresponds to
networkaddress.cache.ttl. It takes the same
value and has the same meaning, but can be set as a command-line
option. However, the preferred way is to use the security
property mentioned above.

sun.net.inetaddr.negative.ttl

This is a sun private system property which corresponds to
networkaddress.cache.negative.ttl. It takes
the same value and has the same meaning, but can be set as a
command-line option. However, the preferred way is to use the
security property mentioned above.

These properties specify the default connect and read timeout
(resp.) for the protocol handler used by java.net.URLConnection.

sun.net.client.defaultConnectTimeout specifies the timeout (in
milliseconds) to establish the connection to the host. For
example for http connections it is the timeout when establishing
the connection to the http server. For ftp connection it is the
timeout when establishing the connection to ftp servers.

sun.net.client.defaultReadTimeout specifies the timeout (in
milliseconds) when reading from input stream when a connection is
established to a resource.

sun.net.http.retryPost (default: true)

It determines if an unsuccessful HTTP POST request will be
automatically resent to the server. Unsuccessful in this case
means the server did not send a valid HTTP response or an
IOException occurred.

Specifies the name service provider that you can use. By
default, Java will use the system configured name lookup
mechanism, such as file, nis, etc. You can specify your own by
setting this option. <n> takes the value of a positive
number, it indicates the precedence order with a small number
takes higher precendence over a bigger number.
Aside from the default provider, the JDK includes a DNS provider named "dns,sun".

Prior to JDK 7, the first provider that was successfully
loaded was used. In JDK 7, providers are chained, which
means that if a lookup on a provider fails, the next provider in the list is
consulted to resolve the name.

You can specify a comma separated list of IP addresses that
point to the DNS servers you want to use. If the
sun.net.spi.nameservice.nameservers property is not defined, then
the provider will use any name servers already configured in the
platform DNS configuration.

sun.net.spi.nameservice.domain=<domainname>

This property specifies the default DNS domain name, for
instance, eng.example.com. If the sun.net.spi.nameservice.domain
property is not defined then the provider will use any domain or
domain search list configured in the platform DNS
configuration.